ALT-PU-2019-1010-1
Closed vulnerabilities
Published: 2018-07-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity: LOW (3.5)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Severity: MEDIUM (5.4)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:
- http://jvn.jp/en/jp/JVN00846677/index.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
- https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
- https://security.gentoo.org/glsa/201904-10
- https://usn.ubuntu.com/4348-1/
- https://www.debian.org/security/2018/dsa-4246
- http://jvn.jp/en/jp/JVN00846677/index.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
- https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
- https://security.gentoo.org/glsa/201904-10
- https://usn.ubuntu.com/4348-1/
- https://www.debian.org/security/2018/dsa-4246
Published: 2018-07-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
- https://bugs.launchpad.net/mailman/+bug/1780874
- https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
- https://security.gentoo.org/glsa/201904-10
- https://usn.ubuntu.com/4348-1/
- https://www.mail-archive.com/mailman-users%40python.org/msg71003.html
- https://bugs.launchpad.net/mailman/+bug/1780874
- https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
- https://security.gentoo.org/glsa/201904-10
- https://usn.ubuntu.com/4348-1/
- https://www.mail-archive.com/mailman-users%40python.org/msg71003.html